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T^ifeifc^^tocol) or L2F (Layer Two Forwarding), or an IP-based (Internet Protocol) 
connection, such as used with ATM or frame relay. The user of the host computer 12, 
having established such a connection, has the ongoing capability to access the specified 
domain until the connection is terminated either at the directive of the user or by error in 
data transmission. The access point 14 will typically have the capability to connect the 
user to various other privately owned secured domain sites, such as the second private 
domain site 18 or the public Intemet 20. The user of the host computer 12 may use the 
PPP protocol to connect through the wholesaler networks to another Home Gateway. 

Layer 2 Tunneling Protocol (L2TP) is used in many Virtual Private Networks 
(VPNs). An L2TP access concentrator (LAC) is a device that the client directly connects 
to and that tunnels Point-to-Point (PPP) frames to the L2TP network server (LNS). The 
LAC is the initiator of incoming calls and the receiver of outgoing calls. An L2TP 
network server (LNS) is the Termination point for an L2TP mnnel and the access point 
where PPP frames are processed and passed to higher layer protocols. The LNS handles 
the server side of the L2TP protocol. The LNS terminates calls arriving at any of the 
LAC's PPP interfaces, including asynchronous, synchronous and ISDN. The LNS is the 
initiator of outgoing calls and the receiver of incoming calls. 

Figure 2 is a block diagram that illustrates an L2TP mnnel and how a user 
typically connects to a privately owned domain site such as a corporate intranet. Using 
L2TP tunneling, an L2TP access concentrator (LAC) 100 located at the ISP's point of 
presence (POP) 105 exchanges PPP messages 1 10 with remote users 1 15 and 
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ADSL (Asymmetric Digital Subscriber Line) may be used. Those of ordinary skill in the 
art will recognize that other types of broadcast mechanisms may be provided by an ISP or 
Telco such as Ethernet™, frame relay, leased lines, ATM (Asynchronous Transfer Mode) 
or the like. Access points 345 are located within a wide area network (WAN) 350 and 
are operated by Telcos or ISPs. The access points 345 house AAA servers 355, Service 
Selection Gateways (not shown in Fig. 4), L2TP Access Concentrators (LACs) 360, 
Digital Subscriber Line Aggregation Multiplexers (DSLAMs) 365, 370, 375 or similar 
devices. The Service Selection Gateway (SSG) is not an integral part of the present 
invention and therefore a discussion related to their functionality would not benefit the 
discussion of the present invention. The SSG serves as a gateway between the user and 
public area domains, such as the Internet. 

In order for a user host to gain access to a pubUc domain network, such as the 
Internet, users must first dial-in or otherwise make a connection with the SSG through a 
data-receiving interface (not shown in Fig. 5.). As a threshold matter, an authorizer (not 
shown in Fig. 5) within the LAC serves to authenticate the identity of the user, ensure 
authorization and ascertain the nature and scope of the public network services that it will 
provide. 

According to one embodiment of the present invention, an access point 345 
includes one or more DSLAMs 365, 370, 375 that service the copper loops between the 
access point 345 and the Customer Premises Equipment (CPE) 305, 310, 315. DSLAMs 
365, 370, 375 may link locally or via an inter-central office (CO) link to LAC 360. 
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Figure 9B is a table that includes a list of tunnel IDs 915 indexed by domain 
names 920. Table 9B may be used in conjunction with table 9 A to obtain a tunnel ID 915 
associated with a virtual circuit ID 905. 

5 

Figure 9C is a virtual circuit profile table that contains a list of tunnel IDs 925 
indexed by virtual circuit IDs 930. A domain configuration override attribute 935 
determines whether a subscriber is limited to establishing a mnnel with a particular 
domain. In the example, a port having a virtual circuit ID of 94/22 (940) may use mnnel 
10 ID 2210 (945) exclusively. 

The tunnel selection configuration override attribute is requested by the domain 
owner to be placed in virtual circuit profiles. It allows the service provider the capability 
to ensure that a PPP session originating from a DSLAM port allocated to a particular 
15 domain can connect with only that particular domain, regardless of what domain name is 
entered in the PPP authentication packet. This provides added security to the owner of 
the private domain by lessening the likelihood of an unauthorized access to the home 
gateway of a corporate intranet. The service provider would have the control over which 
ports are allocated to which domains. The service provider would also have control over 
20 which ports have the mnnel selection configuration attribute in their virtual circuit profile 
and are, thus, limited to one domain and which virtual circuit profiles do not contain the 
mnnel selection configuration override attribute and are, thus, free to connect to more 
than one domain. 
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In Claim 15, in line 8, please replace "said service on said network device" with -a 

domain associated with a domain configuration override attribute, said domain-. 

r 4' H 

In Claim 15, in line 9, after "network", please insert ^ ^rr^^ '»a 
^n Claim 22, in line 3, please replace "service located on a network device in" with - 
Clorr^J domain associated with a domain configuration override attribute, said domain located 
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m Claim 22. in line 7. after "request", please insert -. said service request optionally 
including a domain identifier-. 
^In Claim 30. in line 3. please replace "service located on a network device in" with - 
CorrU4 domain associated with a domain configuration override attribute, said domain located 

In Claim 30. line 10, after "request", please insert -. said service request optionally 
including a domain identifier-. 
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35. (Currently Amended) The access server of claim 30 [33] wherein said assessor is capable 
of performing a table lookup based upon a Virtual Path Identifier (VPI) / Virtual Channel 
Identifier (VCI) associated With said virtual circuit. 



36. (Currently Amended) The access server of claim 31 [34] wherein said receiving interface 
comprises at least one access multiplexer; each access multiplexer having a plurality of inputs for 
receiving a service request, each of said inputs being associated with a particular subscriber 
virtual circuit. 
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